Client library for Sessions API
npm install --save @datafire/whapi_sessionslet whapi_sessions = require('@datafire/whapi_sessions').create();
.then(data => {
console.log(data);
});The William Hill Sessions API uses a central authentication service (CAS*) on all resources that require access to a customer’s account or betting functionality. To authenticate, you’ll need to supply a sportsbook username and password, in return you will be given an authentication ticket, which you can use on the majority of requests found within our services.
The Sessions API should be used whenever you want to login a customer and:
- continue to use the William Hill API for that customer’s transactions
- use other CAS-enabled William Hill services outside the suite of APIs
CAS is an enterprise Single Sign-On solution for web services (see https://wiki.jasig.org/display/CAS/Home). It is used by many William Hill services.
Note: all requests must be executed over HTTPS and include an API key and secret.
Authentication Ticket Expiration Times
When a customer is logged in using the Sessions API, they are given an Authentication Ticket; using this ticket on subsequent API requests gives you access to account activities (such as placing a bet, deposits, etc). However, this ticket is only valid for a given period of time depending on how it is used. If the ticket is used and then has a period of inactivity longer than 7,200 seconds (2 hours), then the ticket will expire and further requests using the ticket will be denied - in effect, a customer has been logged out and will need to authenticate again.
Normally, any ticket issued only has a maximum life expectancy of 28,000 seconds (8 hours) after which it can no longer be used, even if it has been used regularly. The customer again will be effectively logged out and will need to authenticate again. If you wish to avoid this, you need to set the query parameter extended to Y, which will enable your application to generate a ticket valid for 60 days without expiring due to inactivity.
Logs in a customer by obtaining an authentication ticket. It can then be used directly with the other William Hill APIs to access a customer’s sportsbook account, place a bet, etc.
whapi_sessions.logIn({
"apiKey": "",
"apiSecret": "",
"login": {
"username": "",
"password": ""
}
}, context)- input
object- apiKey required
string: A unique identifier of your application that is generated by the API portal. - apiSecret required
string: Another unique identifier for your application. - fields
array: Specify an absolute field list to return (Comma Separated List) - include
array: Specify fields in addition to the default to return (Comma Separated List) - exclude
array: Specify fields from the default to exclude (Comma Separated List) - territory
string: Territory from which request originates - languageAsPerTerritory
string: Defines response field name language, true (default) returns in language defined by territory, false returns in English - login required loginRequest
- apiKey required
- output session
Logs out a customer.
whapi_sessions.logOut({
"apiKey": "",
"apiSecret": "",
"tgt": ""
}, context)- input
object- apiKey required
string: A unique identifier of your application that is generated by the API portal. - apiSecret required
string: Another unique identifier for your application. - tgt required
string: Ticket Granting Ticket obtained from a previous request - territory
string: Territory from which request originates - languageAsPerTerritory
string: Defines response field name language, true (default) returns in language defined by territory, false returns in English
- apiKey required
- output logoutresponse
Checks the validity of a session ticket.
whapi_sessions.validateSession({
"apiKey": "",
"apiSecret": "",
"tgt": ""
}, context)- input
object- apiKey required
string: A unique identifier of your application that is generated by the API portal. - apiSecret required
string: Another unique identifier for your application. - tgt required
string: Ticket Granting Ticket obtained from a previous request - territory
string: Territory from which request originates - languageAsPerTerritory
string: Defines response field name language, true (default) returns in language defined by territory, false returns in English
- apiKey required
- output ticketvalidityresponse
Obtains a one-time Service Ticket that can be used to access other CAS enabled William Hill services that are not available through the standard suite of APIs. You first need to have logged in a customer to obtain an Authentication Ticket.
whapi_sessions.getServiceTicket({
"apiKey": "",
"apiSecret": "",
"tgt": "",
"target": ""
}, context)- input
object- apiKey required
string: A unique identifier of your application that is generated by the API portal. - apiSecret required
string: Another unique identifier for your application. - tgt required
string: Ticket Granting Ticket obtained from a previous request - territory
string: Territory from which request originates - languageAsPerTerritory
string: Defines response field name language, true (default) returns in language defined by territory, false returns in English - target required
string: The target URL of the CAS enabled service that you want to use with the service ticket. - fields
array: Specify an absolute field list to return (Comma Separated List) - include
array: Specify fields in addition to the default to return (Comma Separated List) - exclude
array: Specify fields from the default to exclude (Comma Separated List)
- apiKey required
- output serviceTicket
- error
object- code
string: A unique William Hill identifier for the error - field
string: To help pinpoint the exact parameter where a request has failed - message
string: A unique William Hill text string to enable you to identify the error
- code
- loginRequest
object- extended
boolean: Whether extended login or normal login is required. If the parameter is set to Y your application will generate an authentication ticket valid for a period of 60 days, without expiring due to inactivity. If the parameter is left blank or set to N this means your application will support the normal expiry times for tickets: The ticket expires after 2 hours of inactivity. The ticket is valid for a maximum of 8 hours after it has been issued. - password required
string: Customer Password - username required
string: Customer Username
- extended
- logoutresponse
object- success
boolean
- success
- serviceTicket
object- location
string: This is the URL of the target service sent in the request. This is a combination of the endpoint and the ticket for future operations such as DELETE. - ticket required
string: The TGT ticket
- location
- session
object- expiryDateTime required
string: The UTC time when the ticket expires. - extended
boolean: The value you have selected previous to executing the request. If the value is Y, this enables your application to generate a ticket valid for 60 days without expiring due to inactivity. - location
string: This is the URL of the target service sent in the request. This is a combination of the endpoint and the ticket for future operations such as DELETE. - temporaryPassword
boolean: Indicates that the account has a temporary password set and hence the user must be prompted to change their password. - temporaryPasswordUrl
string: Url for user to change password. A TGT must be added to the URL - ticket required
string: The TGT ticket
- expiryDateTime required
- sessionsErrors
object- errors
array- items error
- errors
- ticketvalidityresponse
object- valid
boolean
- valid